Files generated through docker-compose run web rails g controller do not have permissions to edit

Question

I am using docker-compose to provide environment to developers. The application is running fine on docker-compose build command and running on 0.0.0.0:3000 on docker-compose up command. When I am trying to run the command docker-compose run web rails g controller to generate a controller with an action, than the files are generated but don't have permission to edit on host.

Dockerfile

FROM ubuntu:14.04
FROM ruby:2.2.1
# Run updates
RUN apt-get update -qq && apt-get install -y build-essential libpq-dev

# Set up working directory
RUN mkdir /xyz/
WORKDIR /xyz/

# Set up gems
ADD Gemfile /xyz/Gemfile
ADD Gemfile.lock /xyz/Gemfile.lock

RUN bundle install

# Finally, add the rest of our app's code
# (this is done at the end so that changes to our app's code
# don't bust Docker's cache)
ADD . /xyz

I even tried to add a user xyzuser but didn't work.

# Create a user imliuser to run app that is not root
RUN useradd --create-home --home-dir /xyz --shell /bin/bash xyzuser
RUN chown -R xyzuser /xyz 

docker-compose.yml

db:
  image: postgres
  ports:
    - "5432"

redis:
  image: redis
  ports:
    - "6379"


web:
  build: .
  command: bundle exec rails s -b 0.0.0.0
  volumes:
    - .:/xyz:rw
  ports:
    - "3000:3000"
  links:
    - db
    - redis

When am running docker-compose build , also getting a warning, don't run bundler as root.

One more error I am getting is when the bundler start installing gems the gem listed as a public git repo was not able to install.

gem 'workflow', :git => '[email protected]:xyz/workflow.git',
:branch =>'feature_state_to_integer'

Getting the following error.

Host key verification failed.
fatal: Could not read from remote repository.

Even if the repository is public

Answer 1

You're exposing three issues in your question:

1. You dont have access to the files written by docker in the mounted volume.
2. You get a warning saying don't run bundle as root.
3. You dont have access to github because Host key verification failed.

Find below my suggestion for each one:

1) You could access any file in your host system if you have root access to it. So I'm assuming you don't but you user is in the docker group, allowed to run docker commands. First, find the user id of such user:

id -u xyzuser
1000

In the example above the user id is 1000. Then, add useradd command to your Dockerfile in the same way you did in your post, but adding an additional argument (-u):

RUN useradd -u 1000 --create-home --home-dir /xyz --shell /bin/bash xyzuser

Finally, run your docker container with xyzuser (see next point). Thus, you've made both host and docker container understand they are using the same user instead of just two different users with the same name.

Alternatively, you can also use the USER instruction in the Dockerfile to specify the user during the build, as was posted in a deleted answer.

2) The error is very explicit, you can't run bundler as root, I'd say your solution is to change the user who is going to run commands inside the docker container. You can use the user argument in your .yaml file to change it. Example:

web:
  build: .
  user: xyzuser
  command: bundle exec rails s -b 0.0.0.0
  volumes:
    # Avoid to use relative paths during
    # testing stage
    - /abs/path/to/current:/xyz
  ports:
    - "3000:3000"
  links:
    - db
    - redis

3) To solve the Host key verification ... error you need to manage to add the host to the container known_hosts file. A way to do so is as follows:

ssh-keyscan -H github.com >> ~/.ssh/known_hosts

In your docker file, you can add the line:

RUN ssh-keyscan github.com >> /root/.ssh/known_hosts

prior to the gems set up. Make sure you add the host key to the .ssh directory of the actual user that is going to connect to github.

The reason for this is because you're connecting to github via ssh and this protocol uses "fingerprints" to identify the server to a client. Take a look to Giles' answer if you want to know more about this: https://unix.stackexchange.com/questions/42643/ssh-key-based-authentication-known-hosts-vs-authorized-keys

Answer 2

Docker containers run your application as the root user by default. You'll have to sudo chown them to set them as your user, or create a user in the image with the same user id.

Answer 3

Run the below command in console from project directory. It will give you the permission to edit. sudo chown -R $USER:$USER .